Amendment to the Claims



This listing will replace all prior versions and listings of claims in the application: 




Claims: 



1. (original) A method of verifying a transaction over a data communication system
between a first and second correspondent through the use of a certifying authority having
control of a certificate's validity, said certificate being used by at least said first
correspondent, said method comprising the steps of:

a) one of said first and second correspondents advising said certifying authority that 
said certificate is to be validated; 

b) said certifying authority verifying the validity of said certificate attributed to said 
first correspondent; 

c) said certifying authority generating implicit signature components including 
specific authorization information; 

d) forwarding to said first correspondent at least one of said implicit signature 
components for permitting said first correspondent to generate an ephemeral 
private key; 

e) forwarding to said second correspondent at least one of said implicit signature
components for permitting recovery of an ephemeral public key corresponding to
said ephemeral private key;

f) said first correspondent signing a message with said ephemeral private key and
forwarding said message to said second correspondent; and

g) said second correspondent attempting to verify said signature using said 
ephemeral public key and proceeding with said transaction upon verification. 

2. (original) A method as defined in claim 1, wherein said second correspondent advises
said certification authority that said certificate is to be validated upon receiving an initial
message from said first correspondent.



McCarthy Tétrault LLP TDO-RED #8222350 v. 1




Appl. No. 09/589,891 

Amdt. Dated: April 5, 2004 

Reply to Office Action of: December 4, 2003

3. (original) A method as defined in claim 2, wherein said at least one of said implicit
signature components is forwarded to said second correspondent by said certifying
authority.



4. (original) A method as defined in claim 3, wherein said at least one of said implicit 
signature components is forwarded to said first correspondent by said second 
correspondent. 

5. (original) A method as defined in claim 4, wherein said generated implicit signature
components include:

a) $Y_i$, where $Y_i = kP + rP$, and where $k$ is a long term private key of said first
correspondent, $r$ is a random integer generated by said certification authority, and
$P$ is a point on a curve; and

b) $s_i$, where $s_i = r - c \cdot H(A_i, Y_i)$, and where $c$ is a long term private key of said
certifying authority, $A_i$ includes at least one distinguishing feature of said first
correspondent and said specific authorization information, and $H$ indicates a
secure hash function;

wherein said long term private key of said first correspondent is sent to said certifying
authority prior to said verification transaction.

6. (original) A method as defined in claim 5, wherein $A_i$, $Y_i$, and $s_i$ are forwarded to said
second correspondent and $s_i$ is forwarded to said first correspondent.

7. (original) A method as defined in claim 5, wherein said distinguishing feature includes
at least one of a name of said first correspondent, a telephone number of said first
correspondent, and an address of said first correspondent.

8. (original) A method as defined in claim 5, wherein said specific authorization 
information includes at least one of a time of said transaction and a date of said 
transaction. 
9. (original) A method as defined in claim 6, wherein said ephemeral private key is
generated according to $a_i = k + s_i$, where $a_i$ is said ephemeral private key.

10. (original) A method as defined in claim 9, wherein said ephemeral public key is
recovered according to $a_i P = Y_i - H(A_i, Y_i) \cdot cP$, where $a_i P$ is said ephemeral public key and $cP$
is said certifying authority's public key.

11. (original) A method as defined in claim 10, wherein said certifying authority verifies the
validity of said certificate attributed to said first correspondent by checking a list for
determining if said certificate has been revoked.

12. (original) A method as defined in claim 10, wherein said ephemeral private key is a
transaction specific private key and said ephemeral public key is a transaction specific
public key.

13. (original) A method as defined in claim 2, wherein said first correspondent advises said 
certification authority that said certificate is to be validated. 

14. (original) A method as defined in claim 14, wherein said at least one of said implicit 
signature components is forwarded to said first correspondent by said certifying 
authority. 

15. (original) A method as defined in claim 14, wherein said at least one of said implicit
signature components is forwarded to said second correspondent by said first
correspondent.

16. (original) A method as defined in claim 15, wherein said generated implicit signature
components include:

a) $Y_i$, where $Y_i = kP + rP$, and where $k$ is a long term private key of said first
correspondent, $r$ is a random integer generated by said certification authority, and
$P$ is a point on a curve; and

b) $s_i$, where $s_i = r - c \cdot H(A_i, Y_i)$, and where $c$ is a long term private key of said
certifying authority, $A_i$ includes at least one distinguishing feature of said first
correspondent and said specific authorization information, and $H$ indicates a
secure hash function;

wherein said long term private key of said first correspondent is sent to said certifying
authority prior to said verification transaction.

17. (original) A method as defined in claim 16, wherein $A_i$, $Y_i$, and $s_i$ are forwarded to said
first correspondent, and $A_i$ and $Y_i$ are forwarded to said second correspondent.




18. (original) A method as defined in claim 16, wherein said distinguishing feature
includes at least one of a name of said first correspondent, a telephone number of said
first correspondent, and an address of said first correspondent.

19. (original) A method as defined in claim 16, wherein said specific authorization 
information includes at least one of a time of said transaction and a date of said 
transaction. 



20. (original) A method as defined in claim 17, wherein said ephemeral private key is
generated according to $a_i = k + s_i$, where $a_i$ is said ephemeral private key.



21. (original) A method as defined in claim 20, wherein said ephemeral public key is
recovered according to $a_i P = Y_i - H(A_i, Y_i) \cdot cP$, where $a_i P$ is said ephemeral public key and $cP$
is said certifying authority's public key.
22. (original) A method as defined in claim 21, wherein said certifying authority verifies the
validity of said certificate attributed to said first correspondent by checking a list for 
determining if said certificate has been revoked. 



23. (original) A method as defined in claim 21, wherein said ephemeral private key is a
transaction specific private key and said ephemeral public key is a transaction specific 
public key. 

24. (original) A method as defined in claim 15, wherein said generated implicit signature
components include a parameter for indicating a predetermined permission for said first 
correspondent, said second correspondent granting access to said first correspondent 
according to said predetermined permission upon verification of said signature. 

25. (original) A method as defined in claim 15, wherein said generated implicit signature 
components include: 

a) $y_A$, where $y_A = aP + c_A P$, and where $aP$ is a long term public key of said first
correspondent, $c_A$ is a random integer generated by said certifying authority, and
$P$ is a point on a curve; and

b) $s_A$, where $s_A = h(y_A \| A_i \| cP)\, c + c_A \pmod{n}$, and where $A_i$ includes at least one
distinguishing feature of said first correspondent, where $c$ is a long term private
key of said certifying authority, $n$ is a large prime number, and $h$ indicates a
secure hash function.

26. (original) A method as defined in claim 23, wherein $y_A$ and $s_A$ are forwarded to said first
correspondent, and $A_i$ and $y_A$ are forwarded to said second correspondent by said first
correspondent.



27. (original) A method as defined in claim 25, wherein said distinguishing feature
includes at least one of a name of said first correspondent, a telephone number of said
first correspondent, and an address of said first correspondent.
28. (original) A method as defined in claim 25, wherein said specific authorization
information includes at least one of a time of said transaction and a date of said 
transaction. 

29. (original) A method as defined in claim 26, wherein said ephemeral private key is
generated according to $d = a + s_A$, where $d$ is said ephemeral private key.

30. (original) A method as defined in claim 29, wherein said ephemeral public key is
recovered according to $Q_A = h(y_A \| A_i \| Q_C)\, Q_C + y_A$, where $Q_A$ is said ephemeral public
key and $Q_C$ is said certifying authority's long term public key.

31. (original) A method as defined in claim 30, wherein said certifying authority recertifies
said certificate attributed to said first correspondent by changing said random integer, $c_A$.

32. (original) A method as defined in claim 30, wherein said ephemeral private key is a 
transaction specific private key and said ephemeral public key is a transaction specific 
public key. 
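The implicit certificate scheme of claims 25 through 30 (also recited in claims 44 and 45), worked through as an added Python example that is not part of the patent: a toy curve over GF(17) and SHA-256 reduced mod n stand in for the curve and for the hash function h, which are assumptions, as are the constructed key values. The point of the scheme is that the ephemeral private key d = a + s_A is never transmitted, yet the second correspondent reconstructs the matching public key Q_A from y_A, A_i and the certifying authority's public key Q_C alone.

```python
import hashlib

# Toy curve y^2 = x^3 + 2x + 2 over GF(17); G = (5, 1) has prime order 19.
# Constructed for illustration only; a real deployment uses a standard curve.
P_MOD, A_COEF, N, G = 17, 2, 19, (5, 1)

def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None                       # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A_COEF) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication kP."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def h(*parts):
    """h(y_A || A_i || cP): SHA-256 of the concatenation, reduced mod n (assumed)."""
    digest = hashlib.sha256("|".join(str(p) for p in parts).encode()).digest()
    return int.from_bytes(digest, "big") % N

def ca_certify(c, a_pub, ident, c_a):
    """CA with private key c issues (y_A, s_A) for the long term public key aP."""
    y_a = ec_add(a_pub, ec_mul(c_a, G))                 # y_A = aP + c_A P
    s_a = (h(y_a, ident, ec_mul(c, G)) * c + c_a) % N   # s_A = h(...) c + c_A (mod n)
    return y_a, s_a

def recover_public_key(y_a, ident, q_c):
    """Second correspondent: Q_A = h(y_A || A_i || Q_C) Q_C + y_A, no private data needed."""
    return ec_add(ec_mul(h(y_a, ident, q_c), q_c), y_a)

def demo(a=7, c=3, c_a=11, ident="alice,+1-555-0100"):
    """Constructed keys; returns True when the recovered Q_A equals d*G for d = a + s_A."""
    q_c = ec_mul(c, G)                                  # CA's published long term public key
    y_a, s_a = ca_certify(c, ec_mul(a, G), ident, c_a)
    d = (a + s_a) % N                                   # ephemeral private key, never sent
    return recover_public_key(y_a, ident, q_c) == ec_mul(d, G)
```

Recertification as in claim 31 is simply a fresh call to ca_certify with a different c_a, which changes both y_A and s_A and therefore the recovered Q_A.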

33. (original) A method as defined in claim 15, wherein said generated implicit signature
components include:

a) $i$, where $i$ is a certification period;

b) $s_A$, where $s_A = r_i c + k_i + c_A \pmod{n}$, $n$ is a large prime number, $c$ is a long term
private key of said certifying authority, $c_A$ and $k_i$ are random integers, and
$r_i = h(y_A \| A_i \| cP \| k_i P \| i)$, where $A_i$ includes at least one distinguishing feature
of said correspondent and said specific authorization information, $P$ is a point on a
curve, and $h$ indicates a secure hash function;

wherein $y_A = aP + c_A P$, and where $aP$ is a long term public key of said correspondent
and $y_A$ has previously been determined by said certifying authority and forwarded to said
correspondent.



34. (original) A method as defined in claim 33, wherein $i$ and $s_A$ are forwarded to said first
correspondent, and $A_i$ and $y_A$ are forwarded to said second correspondent by said first
correspondent.



35. (original) A method as defined in claim 33, wherein said distinguishing feature
includes at least one of a name of said first correspondent, a telephone number of said
first correspondent, and an address of said first correspondent.

36. (original) A method as defined in claim 33, wherein said specific authorization 
information includes at least one of a time of said transaction and a date of said 
transaction. 

37. (original) A method as defined in claim 34, wherein said ephemeral private key is
generated according to $d_i = a + s_A$, where $d_i$ is said ephemeral private key.

38. (original) A method as defined in claim 37, wherein said ephemeral public key is
recovered according to $Q_A = r_i Q_C + y_A + Q_i$, where $Q_A$ is said ephemeral public key, $Q_i$
is said certifying authority's certification period public key, and $Q_C$ is said certifying
authority's long term public key.



39. (original) A method as defined in claim 38, wherein said certifying authority recertifies
said certificate attributed to said first correspondent for each certification period, $i$, by
changing said random integer, $k_i$.

40. (original) A method as defined in claim 38, wherein said ephemeral private key and said 
ephemeral public key have a predetermined period of validity. 




41. (original) A method as defined in claim 40, wherein said predetermined period of validity
is one transaction. 



42. (original) A method as defined in claim 40, wherein said predetermined period of validity
is a predetermined number of transactions. 



43. (original) A method as defined in claim 40, wherein said predetermined period of validity
is a predetermined time period. 



44. (currently amended) A method for certifying a correspondent through the use of a
certifying authority having control of a certificate's validity, said method comprising the
steps of:

a) said certifying authority generating a first random number [have] having a value;

b) generating implicit signature components based on said first random number;

c) publishing a public key of said certifying authority for use in verifying said
correspondent;

d) forwarding said implicit signature components from said certifying authority to
said correspondent;

wherein said certifying authority recertifies said correspondent's certificate by changing
said value of said first random number.

45. (original) A method as defined in claim 44, wherein $c_A$ is said first random number
generated by said certifying authority and said implicit signature components include:

a) $y_A$, where $y_A = aP + c_A P$, and where $aP$ is a long term public key of said
correspondent and $P$ is a point on a curve; and

b) $s_A$, where $s_A = h(y_A \| A_i \| cP)\, c + c_A \pmod{n}$, and where $c$ is a long term private
key of said certifying authority, $n$ is a large prime number, $A_i$ is an identifier of
said correspondent and includes at least one distinguishing feature of said
correspondent, and $h$ indicates a secure hash function.
46. (original) A method as defined in claim 45, wherein said correspondent is recertified by
forwarding said implicit signature components for said first random number having said 
changed value from said certifying authority to said correspondent. 

47. (original) A method as defined in claim 43, wherein said first random integer has said
value for one certification period, said value being changed for other of said certification
periods.

48. (original) A method as defined in claim 47, wherein $k_i$ is said first random integer
generated by said certifying authority for an $i$th certification period and said implicit
signature components include:

c) $i$, where $i$ is a current certification period;

d) $s_A$, where $s_{A_i} = r_i c + k_i + c_A \pmod{n}$, $n$ is a large prime number, $c$ is a long term
private key of said certifying authority, $c_A$ is a second random integer, and
$r_i = h(y_A \| A_i \| cP \| k_i P \| i)$, where $A_i$ includes at least one distinguishing feature
of said correspondent, $P$ is a point on a curve, and $h$ indicates a secure hash
function;

wherein $y_A = aP + c_A P$, and where $aP$ is a long term public key of said correspondent
and $y_A$ has previously been determined by said certifying authority and forwarded to said
correspondent.

49. (original) A method as defined in claim 48, wherein said published information further
includes $k_i P$ and $i$.

50. (original) A method as defined in claim 49, wherein said correspondent is recertified by 
forwarding said implicit signature components for said first random number having said 
changed value from said certifying authority to said correspondent. 